If you’ve been feeling depressed about the Covid-19 crisis lately, we’ve got news for you – cybercrime represents a similar threat to modern civilization in a digital world as Covid-19 does to our health. We don’t have any long-term answers to either of these challenges. A part of the so-called “new normal” is also an epidemic of cybercrime, and we have neither an effective vaccine nor medication, nor any promise of getting one in the near future.
The story is not about the “arms race”, as many would like you to believe. Constantly buying new tools and software applications is supposed to protect you from new types of cyberattacks; however, they make your system even more complex and difficult to control – which parallels the “stay at home” epidemic countermeasure with regard to Covid-19. It doesn’t cure the problem, it just postpones it. The story is about the attackers, who have managed to develop new “business models” (Next-generation Ransomware) and tend to turn the odds in their own favor. The “barrier to entry” is constantly getting lower. The new business models enable cybercriminals to target us all, while distributed work models, e.g. remote work, also make us more vulnerable. Many organizations don’t use a secure Virtual Private Network (VPN), and employees just access their cloud data directly from their unsecured home networks; some employees also “cheat” and perform their job on unsecured private computers. The attack surface is therefore extended from a “secure office space”, which is protected by corporate-enforced countermeasures, to simplified and uncontrolled home environments (small office or home environment – SOHO). Therefore, it can be expected that the situation will only deteriorate with time.
The problem is that technology is no longer effective, due to the increasing complexity and intertwining of network systems (complex webs of trust, hybrid clouds, chains) and immature technologies (Internet of Things – IoT and Internet of Everything – IoE); therefore, we are incapable of finding an automated and scalable means of defense.
We need a human defender to confront a human attacker, but it seems that the attackers have a lot of luck. Artificial intelligence (AI) is not helpful enough, and it is also used by the attackers; therefore, we think that the battle of AI against AI is an illusion, and the outcome is already known. Yet another quite common approach used by the attackers is the use of “legitimate” processes to mimic the normal behavior of end users, which hardly gets noticed by the “prevention radar”.
Nowadays, the essential factor is the “firefighting ability” that most organizations don’t possess. It is NOT about new technology; it is about NEW APPROACHES!
The short-term option is the promotion of firefighting capabilities, centers of knowledge (such as a Security Operations Center, SOC), OPENNESS, and EXCHANGE. The long-term solutions are the education of experts, and more serious regulation and liability, since currently we are walking on the edge of negligence due to despair.